| CVE-2023-34442: Temporary File Local Information Disclosure in camel-jira |
| |
| Severity: LOW |
| |
| Vendor: The Apache Software Foundation |
| |
| Versions Affected: 3.0.0 up to 3.14.8, 3.18.0 up to 3.18.7, 3.20.0 up to 3.20.5, and 4.0.0-M1 up to 4.0.0-M3 |
| |
| Description: The Camel-Jira FileConverter class is vulnerable to temporary file information disclosure. If sensitive information is written to this temporary file, all other local users will be able to view its contents. |
| |
| Mitigation: Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0; users on Camel 4.x should update to 4.0.0-M1. |
| |
| Credit: This issue was discovered by Jonathan Leitschuh of the Open Source Security Foundation: Project Alpha-Omega |
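The following Java sketch is an added example, not code from the advisory or from Apache Camel. It assumes the issue follows the general pattern in which `java.io.File.createTempFile` leaves a file in the shared temp directory with umask-derived permissions, and contrasts it with `java.nio.file.Files.createTempFile`, which creates the file owner-only on POSIX file systems; the class name, method names and the `attachment-` prefix are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public class TempFilePermissions {
    // Legacy API: the file is created in java.io.tmpdir with permissions set by
    // the process umask (commonly rw-r--r--), so other local users can read it.
    static Path legacyTempFile() throws IOException {
        return File.createTempFile("attachment-", ".tmp").toPath();
    }

    // NIO API: on POSIX file systems the file is created owner-only (rw-------).
    static Path hardenedTempFile() throws IOException {
        return Files.createTempFile("attachment-", ".tmp");
    }

    // True when the group or any other local account may read the file.
    static boolean readableByOthers(Path p) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p);
        return perms.contains(PosixFilePermission.GROUP_READ)
            || perms.contains(PosixFilePermission.OTHERS_READ);
    }

    static void report(String label, Path p) throws IOException {
        String mode = PosixFilePermissions.toString(Files.getPosixFilePermissions(p));
        System.out.printf("%-8s %s readableByOthers=%b %s%n", label, mode, readableByOthers(p), p);
    }

    public static void main(String[] args) throws IOException {
        if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            System.out.println("Non-POSIX file system: check ACLs instead of mode bits");
            return;
        }
        Path legacy = legacyTempFile();
        Path hardened = hardenedTempFile();
        try {
            report("legacy", legacy);
            report("hardened", hardened);
        } finally {
            Files.deleteIfExists(legacy);
            Files.deleteIfExists(hardened);
        }
    }
}
```

The same `readableByOthers` check can be pointed at temp files left behind by a running service to confirm whether an upgraded deployment still creates them with group or world read access.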